diff --git a/kvc/Kvc.vcxproj b/kvc/Kvc.vcxproj
index 18bfea1..d042969 100644
--- a/kvc/Kvc.vcxproj
+++ b/kvc/Kvc.vcxproj
@@ -27,9 +27,10 @@
false
false
-
-
+
+
+
@@ -143,7 +144,9 @@
-
+
+
+
@@ -154,5 +157,6 @@
+
\ No newline at end of file
diff --git a/kvc/RuntimeStr.asm b/kvc/RuntimeStr.asm
new file mode 100644
index 0000000..75563b4
--- /dev/null
+++ b/kvc/RuntimeStr.asm
@@ -0,0 +1,58 @@
+; RuntimeStr.asm - Runtime string configuration provider by WESMAR
+; Provides configuration strings for kernel operations
+; Uses XOR encoding to avoid static string detection in binary analysis
+
+.data
+ALIGN 8
+; XOR-encoded wide string data (key: 0ABh)
+; Decoded at runtime to prevent static analysis detection
+g_EncodedData dw 00F9h, 00FFh, 00E8h, 00C4h, 00D9h, 00CEh, 009Dh, 009Fh, 00ABh
+
+; XOR decoding key for runtime string reconstruction
+g_XorKey dw 00ABh
+
+; Static buffer for decoded wide string (thread-safe for read-only service name)
+g_DecodedBuffer dw 9 dup(0)
+
+.code
+ALIGN 16
+PUBLIC GetServiceNameRaw
+
+; Runtime string decoder for kernel driver service configuration
+; Decodes XOR-obfuscated wide string to prevent static string analysis
+; Returns: Pointer to decoded null-terminated wide string (const wchar_t*)
+; Thread-safety: Safe for concurrent reads after first decode
+GetServiceNameRaw PROC
+ push rbx
+ push rdi
+ push rsi
+ sub rsp, 20h ; Allocate shadow space for x64 calling convention
+
+ ; Setup decode parameters
+ lea rsi, g_EncodedData ; Source: encoded data
+ lea rdi, g_DecodedBuffer ; Destination: decoded buffer
+ mov rcx, 9 ; String length including null terminator (FIXED: full 64-bit register)
+ movzx ebx, word ptr g_XorKey ; Load XOR key into register
+
+decode_loop:
+ ; XOR decode: encoded_char XOR key = original_char
+ movzx eax, word ptr [rsi] ; Load encoded wide character
+ xor ax, bx ; Apply XOR decoding
+ mov word ptr [rdi], ax ; Store decoded character
+
+ ; Advance pointers
+ add rsi, 2 ; Next wide char (2 bytes)
+ add rdi, 2
+ loop decode_loop ; Decrement RCX and loop
+
+ ; Return pointer to decoded string
+ lea rax, g_DecodedBuffer
+
+ ; Restore stack and non-volatile registers
+ add rsp, 20h
+ pop rsi
+ pop rdi
+ pop rbx
+ ret
+GetServiceNameRaw ENDP
+END
\ No newline at end of file
diff --git a/kvc/common.cpp b/kvc/common.cpp
index 8dce31c..7d61a12 100644
--- a/kvc/common.cpp
+++ b/kvc/common.cpp
@@ -227,13 +227,15 @@ std::wstring GetCurrentExecutablePath() noexcept
return std::wstring(path);
}
-// Get kernel driver service name for RTCore64 operations
+// External assembly function that returns raw pointer to service name
+extern "C" const wchar_t* GetServiceNameRaw();
+
+// C++ wrapper converting ASM raw pointer to std::wstring
// Returns: Wide string containing driver service identifier
std::wstring GetServiceName() noexcept
{
- return L"RTCore64";
+ return std::wstring(GetServiceNameRaw());
}
-
// Get kernel driver filename for file operations
// Returns: Wide string containing driver file name
std::wstring GetDriverFileName() noexcept
diff --git a/kvc/common.h b/kvc/common.h
index 8edd4f2..1ba2255 100644
--- a/kvc/common.h
+++ b/kvc/common.h
@@ -197,7 +197,8 @@ extern volatile bool g_interrupted;
// Core driver functions
bool InitDynamicAPIs() noexcept;
-std::wstring GetServiceName() noexcept;
+extern "C" const wchar_t* GetServiceNameRaw(); // ASM function
+std::wstring GetServiceName() noexcept; // C++ wrapper
std::wstring GetDriverFileName() noexcept;
void GenerateFakeActivity() noexcept;
std::wstring GetSystemTempPath() noexcept;